TeamPCP strikes Checkmarx again: Jenkins AST plugin replaced

Colleagues, a cybersecurity alert: TeamPCP published a modified Checkmarx Jenkins AST plugin.
Brief:
- Checkmarx confirmed version 2.0.13-829.vc72453fa_1c16 (17.12.2025) as safe; version 2.0.13-848.v76e89de8a_053 was released later.
- SOCRadar and researcher Adnan Khan report that the repository was accessed, defaced and renamed.
- This continues the TeamPCP campaign: compromises of KICS Docker, VS Code extensions and GitHub Actions, and a brief compromise of the npm Bitwarden CLI.
Actions: verify plugin version, rotate credentials, review remediations.
Why it matters: supply-chain attacks scale rapidly and exfiltrate developer secrets.
What supply-chain protections do you prioritize?
#cybersecurity #supplychain #DevSecOps #Checkmarx
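
One way to script the "verify plugin version" action across several controllers, as an added example that is not from the original post or from Checkmarx. It reads `shortName:version` inventories in the `plugins.txt` style; the plugin short name `checkmarx-ast-scanner`, the controller names and the sample inventories are assumptions constructed for illustration.

```python
import re

# Assumption: the plugin's short name (confirm under Manage Jenkins > Plugins).
PLUGIN_ID = "checkmarx-ast-scanner"
# Version strings copied from the post above.
CONFIRMED_SAFE = "2.0.13-829.vc72453fa_1c16"
LATER_RELEASE = "2.0.13-848.v76e89de8a_053"
# Jenkins incremental version: <base>-<commit count>.v<abbreviated commit hash>
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)\.v([0-9a-f_]+)$")
KNOWN_BUILDS = {VERSION_RE.match(v).group(2) for v in (CONFIRMED_SAFE, LATER_RELEASE)}

def parse_plugins_txt(text):
    """Parse 'shortName:version[:url]' lines; ignore blanks and # comments."""
    plugins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(":", 2)
        if len(parts) >= 2 and parts[0].strip():
            plugins[parts[0].strip()] = parts[1].strip()
    return plugins

def classify(version):
    """Map an installed version string to a triage status."""
    if version is None:
        return "not-installed"
    if version == CONFIRMED_SAFE:
        return "confirmed-safe"
    if version == LATER_RELEASE:
        return "later-release"
    m = VERSION_RE.match(version)
    if not m:
        return "unrecognized-format"
    # Known build number with a different commit hash: not the named artifact.
    return "hash-mismatch" if m.group(2) in KNOWN_BUILDS else "unlisted-version"

def audit(inventories):
    """{controller: plugins.txt text} -> {controller: (version, status)}"""
    found = {n: parse_plugins_txt(t).get(PLUGIN_ID) for n, t in inventories.items()}
    return {n: (v, classify(v)) for n, v in found.items()}

# Constructed sample inventories (not real systems).
SAMPLE = {
    "ci-a": "git:5.2.1\ncheckmarx-ast-scanner:2.0.13-829.vc72453fa_1c16\n",
    "ci-b": "# pinned\ncheckmarx-ast-scanner:2.0.13-829.vdeadbeef_0001  # odd\n",
    "ci-c": "git:5.2.1\n",
}

if __name__ == "__main__":
    for controller, (version, status) in audit(SAMPLE).items():
        print(f"{controller}: {version or '-'} -> {status}")
```

A matching version string only narrows triage; it does not prove the installed file is unmodified, so any status other than `confirmed-safe` should go to manual review against the vendor's remediation guidance.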

